On 2020.07.16. 5:16, Mark Constable wrote:
On 16/7/20 5:54 am, Benny Pedersen wrote:
FWIW I meant if the client is Windows7/old-Outlook then changing
either 993/SSL or 143/STARTTLS to 143/NONE could help pick up the
mail.
windows 7 just need tls 1.0, why its need to disabled all, is as well
beyong me, do not disable tls 1.0 in dovecot aslong one have windows
7 clients
Would anyone with Windows7 clients be able to provide me with the
EXACT set of ssl_* settings that should work with W7 please?
I tried for a week with various combinations but nothing worked short
of disabling SSL altogether. These are the remnants of some attempts...
# 20200531 suggested by Aki Tuomi
#ssl_min_protocol = TLSv1.0
#ssl_ciphers = ALL:!LOW:!SSLv2:!EXP:!aNULL
# https://ssl-config.mozilla.org OLD
# openssl dhparam -dsaparam 1024 > /etc/dovecot/dh.pem
ssl_prefer_server_ciphers = yes
#ssl_min_protocol = TLSv1
#ssl_cipher_list = ECDHE-ECDSA****
# https://ssl-config.mozilla.org MEDIUM
# openssl dhparam -dsaparam 2048 > /etc/dovecot/dh.pem
#ssl_prefer_server_ciphers = no
#ssl_min_protocol = TLSv1.2
#ssl_cipher_list = ECDHE-ECDSA****
~ dovecot --version
2.3.7.2 (3c910f64b)
Apologies to the OP for hijacking this thread.
Are you sure, your operating system's SSL library (OpenSSL or whatever)
supports TLS 1.0?
--
KSB
